Commits on Dec 9, 2016
  1. Replace PCRE with PCRE2 where it is available.

    This patch removes the needless assignment of re_erroffset in the conf pool
    by the worker threads; such mistakes break the shared copy-on-write pages of
    memory that should have remained common between all httpd worker processes.
    
    Two de-optimizations are inherent in this patch, the former ovector-on-stack
    opportunity is lost unless implemented as a new general context. Safer that
    we either create a new general context using pool allocation, or recycle a
    per pool or per thread match_data buffer of some arbitrary 10 elts or so.
    
    Submitted by: wrowe, Petr Pisar <ppisar@redhat.com>
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773454 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Dec 9, 2016
  2. ProxyPass ! doesn't block per-directory ProxyPass

     *) mod_proxy: Honor a server scoped ProxyPass exception when ProxyPass is
         configured in <Location>, like in 2.2. PR 60458.
         [Eric Covener]
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773397 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Dec 9, 2016
  3. backported

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773396 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Dec 9, 2016
  4. Drop C-L header and message-body from HTTP 204 responses.

    The C-L header can be set in a fcgi/cgi backend or in other
    filters like ap_content_length_filter (with the value of 0),
    meanwhile the message-body can be returned incorrectly
    by any backend. The idea is to remove unnecessary bytes
    from a HTTP 204 response.
    
    PR 51350
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773346 13f79535-47bb-0310-9956-ffa450edef68
    elukey committed Dec 9, 2016
Commits on Dec 8, 2016
  1. change error handling for bad resp headers

     - avoid looping between ap_die and the http filter
     - remove the header that failed the check
     - keep calling apr_table_do until our fn stops matching
    
    
    This is still not great. We get the original body, a 500 status
    code and status line.
    
    (r1773285 + fix for first return from check_headers)
    
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773293 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Dec 8, 2016
  2. revert r1773285

    breaks some existing tests. Needs more work.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773292 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Dec 8, 2016
  3. change error handling for bad resp headers

     - avoid looping between ap_die and the http filter
     - remove the header that failed the check
     - keep calling apr_table_do until our fn stops matching
    
    
    This is still not great. We get the original body, a 500 status
    code and status line.
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773285 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Dec 8, 2016
  4. Rebuild

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773245 13f79535-47bb-0310-9956-ffa450edef68
    rbowen committed Dec 8, 2016
  5. "most common". Sheesh.

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773244 13f79535-47bb-0310-9956-ffa450edef68
    rbowen committed Dec 8, 2016
Commits on Dec 7, 2016
  1. After eliminating unusual whitespace in Unsafe mode (e.g. \f \v), we are left

    with the same behavior in both of these cases. Simplify. Noted by rpluem.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773162 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Dec 7, 2016
  2. Partial port of proposed r1773158 for httpd-2.x only; this change causes all

    illegible protocol args to be rejected, irrespective of the strict toggle as
    we expect this to occur with a garbage raw SP embedded in the request URI.
    
    Simplifies the code using the protocol 0.9 sentinel to set up an http/1.0
    error response.
    
    String duplication of r1773158 is uninteresting, httpd-2.x has a const protocol
    member.
    
    Submitted by: rpluem, wrowe
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773159 13f79535-47bb-0310-9956-ffa450edef68
    wrowe committed Dec 7, 2016
Commits on Dec 6, 2016
  1. mod_auth_digest: fix segfaults during shared memory exhaustion

    The apr_rmm_addr_get/apr_rmm_malloc() combination did not correctly
    check for a malloc failure, leading to crashes when we ran out of the
    limited space provided by AuthDigestShmemSize. This patch replaces all
    these calls with a helper function that performs this check.
    
    Additionally, fix a NULL-check bug during entry garbage collection.
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772919 13f79535-47bb-0310-9956-ffa450edef68
    jchampio committed Dec 6, 2016
Commits on Dec 5, 2016
  1. mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash)

    to prevent deciphering or tampering with a padding oracle attack.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772812 13f79535-47bb-0310-9956-ffa450edef68
    ylavic committed Dec 5, 2016
  2. capitalize

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772763 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Dec 5, 2016
  3. xforms

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772759 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Dec 5, 2016
  4. provide more access control migration hints

    current examples don't account for when access control overlaps
    with authentication.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772758 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Dec 5, 2016
  5. in 2.4.24-dev

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772683 13f79535-47bb-0310-9956-ffa450edef68
    jimjag committed Dec 5, 2016
Commits on Dec 4, 2016
  1. update after mod_http2 backport

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772580 13f79535-47bb-0310-9956-ffa450edef68
    Stefan Eissing committed Dec 4, 2016
  2. SECURITY: CVE-2016-8740

    mod_http2: properly crafted, endless HTTP/2 CONTINUATION frames could be used to exhaust all server's memory.
    
    Reported by: Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772576 13f79535-47bb-0310-9956-ffa450edef68
    Stefan Eissing committed Dec 4, 2016
  3. Changes done by Daniel, reviewed by me, adding the html files and meta file to the repo.
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772575 13f79535-47bb-0310-9956-ffa450edef68
    Luis Gil committed Dec 4, 2016
  4. rebuild

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772560 13f79535-47bb-0310-9956-ffa450edef68
    rbowen committed Dec 4, 2016
  5. Undocumented query string.

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772559 13f79535-47bb-0310-9956-ffa450edef68
    rbowen committed Dec 4, 2016
  6. mpm-event's doc rebuild

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772513 13f79535-47bb-0310-9956-ffa450edef68
    elukey committed Dec 4, 2016
  7. Added some notes in mpm-event's doc page

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772512 13f79535-47bb-0310-9956-ffa450edef68
    elukey committed Dec 4, 2016
  8. Missing CHANGES for r1772489

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772504 13f79535-47bb-0310-9956-ffa450edef68
    Christophe Jaillet committed Dec 4, 2016
Commits on Dec 3, 2016
  1. Fix some style issue.

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772490 13f79535-47bb-0310-9956-ffa450edef68
    Christophe Jaillet committed Dec 3, 2016
  2. The default value of 'inherit' should be AP_LUA_INHERIT_UNSET.

    With this value, the behavior is the same as 'parent-first' in the 'LuaInherit' directive
    
    If not explicitly initialized, its value is 0 because of the 'apr_calloc' in 'create_dir_config'. 0 means 'AP_LUA_INHERIT_NONE'
    
    PR 60419
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772489 13f79535-47bb-0310-9956-ffa450edef68
    Christophe Jaillet committed Dec 3, 2016
  3. Remove some spaces to synch with 2.4

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772484 13f79535-47bb-0310-9956-ffa450edef68
    Christophe Jaillet committed Dec 3, 2016
  4. update transformation

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772480 13f79535-47bb-0310-9956-ffa450edef68
    André Malo committed Dec 3, 2016
  5. loop in checking response headers

    w/ HTTPProtocolOptions Unsafe
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772418 13f79535-47bb-0310-9956-ffa450edef68
    covener committed Dec 3, 2016
Commits on Dec 2, 2016
  1. mpm-event's doc rebuild

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772400 13f79535-47bb-0310-9956-ffa450edef68
    elukey committed Dec 2, 2016
  2. Fixed some wording in mpm-event's doc page

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772399 13f79535-47bb-0310-9956-ffa450edef68
    elukey committed Dec 2, 2016
  3. mpm-event's documentation rebuild

    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772358 13f79535-47bb-0310-9956-ffa450edef68
    elukey committed Dec 2, 2016
  4. Add a section to mpm-event's documentation to advertise new changes

    I tried to add a summary of Stefan's last patches just backported to
    2.4.x today. I've read all of them and tried to report Stefan's comment
    from PR 53555 as much as possible. Please review and let me know if I wrote
    something incorrect or not precise enough.
    
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772357 13f79535-47bb-0310-9956-ffa450edef68
    elukey committed Dec 2, 2016